This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iNdKPwn6gf-BJtLv1yHaaH2tMKc.roa
File:                     iNdKPwn6gf-BJtLv1yHaaH2tMKc.roa (raw, json)
Hash identifier:          +qmathoYGt/beZ/ocOAb/l0jjkr1D94WllcRW2ICDOE=
Subject key identifier:   88:D7:4A:3F:09:FA:81:FF:81:26:D2:EF:D7:21:DA:68:7D:AD:30:A7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F856F648FB1D996A89A20AAD1960E42
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iNdKPwn6gf-BJtLv1yHaaH2tMKc.roa
Signing time:             Fri 02 Jan 2026 16:23:29 +0000
ROA not before:           Fri 02 Jan 2026 16:23:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213751
IP address blocks:        193.124.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:6f:64:8f:b1:d9:96:a8:9a:20:aa:d1:96:0e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88d74a3f09fa81ff8126d2efd721da687dad30a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e8:b2:f1:8d:7c:e2:31:60:12:9e:bb:91:ae:
                    26:1c:5c:35:0a:0f:00:ab:6c:27:fe:d4:e3:fe:f9:
                    15:6b:c0:52:68:18:54:12:51:e6:7c:3b:2e:90:72:
                    3b:33:09:c4:ed:34:d2:1c:b0:2e:99:8f:c1:58:08:
                    09:a4:a1:fc:3e:08:df:ec:6e:15:2e:1e:0e:04:51:
                    41:d4:2a:73:46:86:de:28:6a:02:5b:33:eb:d3:c2:
                    cc:5c:c7:9e:ef:ec:a4:18:4a:fa:75:f8:25:77:b8:
                    84:41:2a:cd:f9:f9:76:09:8b:e9:c2:02:99:2c:6c:
                    ef:4b:86:08:81:60:c8:77:ff:43:b6:71:fe:3a:6c:
                    91:fa:a7:a2:0e:94:d5:75:30:ad:4a:2b:67:7b:17:
                    63:14:f2:ca:d7:0a:86:48:c1:93:6b:43:41:35:57:
                    71:fb:69:9e:1a:e7:1c:96:59:ac:c2:b0:56:f5:82:
                    2a:2a:7a:5b:81:32:56:4a:da:92:4f:92:2d:90:a4:
                    7d:eb:4d:05:56:82:a5:2a:0f:85:8b:65:c4:97:75:
                    cd:cf:f7:a1:6f:44:7d:a2:aa:48:df:dc:55:bb:b7:
                    18:60:a2:03:b2:f1:5e:d6:cc:b8:30:7a:3c:71:8a:
                    e5:6e:4c:fd:b7:79:85:c2:f2:e4:c8:93:ab:c7:d8:
                    a8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D7:4A:3F:09:FA:81:FF:81:26:D2:EF:D7:21:DA:68:7D:AD:30:A7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iNdKPwn6gf-BJtLv1yHaaH2tMKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6c:cf:02:5a:b1:7b:ea:1c:88:31:f4:78:c7:39:b5:d4:b6:
         94:9d:37:0f:b1:a8:4a:87:4b:11:1a:8d:00:b8:20:74:28:e8:
         ec:1c:32:25:f3:59:9d:c6:a4:4f:7e:ca:9f:ee:64:14:07:cf:
         0b:9c:9a:9d:0c:50:08:e9:08:9a:28:af:3d:61:d7:c9:45:f9:
         35:14:55:a1:d9:32:61:ec:5e:b1:27:1d:65:5e:7a:5b:45:40:
         40:dd:17:5e:ae:05:0a:75:b4:22:36:5f:6f:07:2f:6e:4f:cc:
         c2:7b:48:91:c3:56:9a:ce:b7:fd:c7:c5:d2:df:97:dc:8b:80:
         cd:48:70:b7:61:ba:85:89:d1:99:6e:ca:3f:f2:2a:9b:e5:c6:
         b8:d0:f9:a7:b4:71:84:b2:58:8f:f1:25:11:69:b3:bb:08:0e:
         35:88:36:9a:ab:42:05:9d:d7:4d:be:7f:7e:72:1b:9c:e2:00:
         1e:e8:cc:55:c8:02:ce:c6:03:97:56:fa:d5:62:89:37:80:7f:
         ed:ed:b3:82:33:37:ff:2e:df:48:2a:64:e4:f5:68:14:75:6d:
         a8:98:6a:ec:99:0c:ca:7a:07:c3:f2:d3:36:62:59:6b:d1:b1:
         ff:11:ad:ab:a5:0a:18:aa:c1:4c:86:d9:6c:f5:05:1c:03:c1:
         d6:2c:3a:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hW9kj7HZlqiaIKrRlg5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ3NGEzZjA5ZmE4MWZmODEyNmQyZWZkNzIxZGE2ODdkYWQzMGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeiy8Y184jFgEp67ka4mHFw1Cg8A
q2wn/tTj/vkVa8BSaBhUElHmfDsukHI7MwnE7TTSHLAumY/BWAgJpKH8Pgjf7G4V
Lh4OBFFB1CpzRobeKGoCWzPr08LMXMee7+ykGEr6dfgld7iEQSrN+fl2CYvpwgKZ
LGzvS4YIgWDId/9DtnH+OmyR+qeiDpTVdTCtSitnexdjFPLK1wqGSMGTa0NBNVdx
+2meGuccllmswrBW9YIqKnpbgTJWStqST5ItkKR9600FVoKlKg+Fi2XEl3XNz/eh
b0R9oqpI39xVu7cYYKIDsvFe1sy4MHo8cYrlbkz9t3mFwvLkyJOrx9ioTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjXSj8J+oH/gSbS79ch2mh9rTCnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaU5kS1B3bjZnZi1CSnRMdjF5SGFhSDJ0TUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXx8MA0G
CSqGSIb3DQEBCwUAA4IBAQAQbM8CWrF76hyIMfR4xzm11LaUnTcPsahKh0sRGo0A
uCB0KOjsHDIl81mdxqRPfsqf7mQUB88LnJqdDFAI6QiaKK89YdfJRfk1FFWh2TJh
7F6xJx1lXnpbRUBA3RdergUKdbQiNl9vBy9uT8zCe0iRw1aazrf9x8XS35fci4DN
SHC3YbqFidGZbso/8iqb5ca40PmntHGEsliP8SURabO7CA41iDaaq0IFnddNvn9+
chuc4gAe6MxVyALOxgOXVvrVYok3gH/t7bOCMzf/Lt9IKmTk9WgUdW2omGrsmQzK
egfD8tM2Yllr0bH/Ea2rpQoYqsFMhtls9QUcA8HWLDo6
-----END CERTIFICATE-----